Assange accuses CIA of “historic act of devastating incompetence”
Sean Gallagher, Ars Technica, Mar 9 2017
The WikiLeaks selective dump of internal files from the CIA’s espionage software development organization was accompanied by a press release from Julian Assange that went full-throttle on the dire nature of the CIA’s hacking tools. While the documents themselves provide context that contradicts some of Assange’s hype, there is certainly a major cause for concern that comes along with the press release: Assange claims that the CIA’s tools are being shared “out of control” and may already be in use for nefarious purposes. In a video statement on Periscope today, Assange asserted that:
The CIA lost control of its entire cyber-weapons arsenal. Now, this is a historic act of devastating incompetence, to have created such an arsenal and stored it all in one place and not secured it. It was being passed around a number of different members of the Pindo intelligence community, out of control, in an unauthorized fashion.
When Assange released the first wave of documents from what is apparently a recent archive from an internal CIA developer collaboration server, he did a number of things that WikiLeaks hasn’t done in the past. Perhaps in response to some of the criticism leveled against WikiLeaks from others including Edward Snowden, Assange and WikiLeaks largely redacted personal details of CIA employees from the dump. The group also held back the archives of the tools themselves, publishing instead text files with a list of the archives’ contents. Assange has taken the position that this leak is primarily about protecting computer users around the world from the use of the tools that are part of the leak. He also insinuated WikiLeaks had evidence that the CIA spied on Pindo citizens, or at least had implants on systems with Pindo IP addresses. He said he had been contacted by a malware researcher who believed that his Apple Mac was infected by the QuarkMatter malware described in the CIA documents. This is an implant that infects the EFI partition of a Mac’s storage device. Based on the documents leaked by Assange and WikiLeaks, that implant was still largely a work in progress. Assange said:
It lools like not only is it being spread around contractors and former Pindo computer hackers for hire, but now maybe around the black market or being used by these Pindo hackers who sometimes cross both sides of the fence, they’re called grey hats, for attacking others.
Assange also noted that while WikiLeaks was not yet publishing the tools themselves, he and WikiLeaks would share them with the targeted companies in order to help them protect themselves. He then accused the CIA of covering up the leak, saying:
Tha CIA is causing damage to those companies with what appears to be the largest arsenal of Trojans and viruses in the world, that attacks most of the systems that journalists, people in government, politicians, CEOs and average people use.
Assange cited a few reports, such as one from Reuters yesterday, that reported the CIA had been aware of a breach at the end of last year, saying:
The CIA knew that it had lost that material, or that we had that material, and has not disclosed that, to the public at least, not warned the public that there’s loose weapons arsenal out there … It’s a very interesting question, I think, about who was told in government and when. Did it tell Barack Obama? Did Obama know during the election and after the election? Did he tell Pres Trump? And why did the CIA not warn Apple, Microsoft and other systems manufacturers?
CIA spox Jonathan Liu told Ars:
We have no comment on the authenticity of purported intelligence documents released by Wikileaks, or on the status of any investigation into the source of the documents…. As we’ve said previously, Julian Assange is not exactly a bastion of truth and integrity… The Pindo sheeple should be deeply troubled by any Wikileaks disclosure designed to damage the IC’s ability to protect Pindostan against terrorists and other adversaries. Such disclosures not only jeopardize Pindo personnel and operations, but also equip our adversaries with tools and information to do us harm.